Privacy Policy
This Privacy Policy explains how FireLaunch (“FireLaunch,” “we,” “us”) collects, uses, and shares your personal information when you use firelaunch.dev, the FireLaunch app, our API, our email newsletter, and related services (the “Service”).
1. Information we collect
1.1 You give us directly
- Account info at sign-up: email address, display name, profile photo (optional), and any handle you pick. Auth itself is handled by Clerk; your password is never stored by us.
- Listing content: product name, tagline, description, body, URLs you submit, screenshots and logos you upload, category selection, tier choice, optional launch date, and any optional links (GitHub, X, demo).
- Payment info: collected by Stripe at checkout. We see the last four digits of your card, the card brand, the country of issuance, and the amount and currency of each transaction. We do not see or store the full card number.
- Affiliate banking info (Stripe Connect): if you enroll in the affiliate program, your banking details for payouts are collected and held by Stripe under their agreements; we never see them.
- Newsletter subscriptions: your email address when you opt in, plus the confirmation timestamp from the double-opt-in flow.
- Communications: anything you send us by email or via support channels.
1.2 We collect automatically
- Usage events: page views, button clicks, time spent on listing pages (“dwell”), votes, comments, and outbound clicks to product URLs. We use these signals to compute Spark and rank listings. Dwell and click data is stored against a salted hash of your IP address, not the raw IP, so the rows are not directly identifying.
- Device / browser info: user-agent string, screen size, locale, and approximate location (derived from IP and never below city-level precision).
- Cookies / local storage: a Clerk session cookie (required for sign-in), a small affiliate-attribution cookie if you arrive via a referral link, and PostHog's anonymous analytics cookie. We don't use third-party advertising cookies.
2. How we use it
- To operate the Service: render your account, submit and rank listings, process payments, send transactional and digest emails, prevent fraud, debug issues.
- To compute Spark and Forge eligibility: every recorded signal (vote, click, dwell, comment, maker activity) feeds into the public Spark formula. We never sell these signals; they are used solely to rank listings.
- To improve the Service: aggregated usage data informs roadmap and design decisions. We do not use raw personal data for advertising training or model training.
- To communicate: account-related emails (sign-up, listing approvals, payment receipts, refund confirmations, security notices) plus the Sunday digest if you opted in. We send marketing email only to subscribers who explicitly confirmed via double-opt-in, and every digest carries a one-click unsubscribe link.
- To meet legal obligations: tax, accounting, fraud prevention, and responding to lawful requests from authorities.
3. Who we share it with
We share personal data only with the service providers we need to operate the platform. Each is bound by a Data Processing Agreement or equivalent. We don't sell your data, and we don't share it for behavioral advertising.
- Clerk — authentication. Stores your email, name, hashed credentials, and session metadata. See clerk.com/privacy.
- Stripe — payments and Connect affiliate payouts. Stores cardholder data and bank account info under PCI-DSS Level 1. See stripe.com/privacy.
- Supabase — our database host. Stores listings, users, comments, Spark snapshots, addon purchases, audit events. See supabase.com/privacy.
- Cloudflare R2 — image storage for logos and screenshots. See cloudflare.com/privacypolicy.
- Resend — transactional and newsletter email delivery. See resend.com/legal/privacy-policy.
- PostHog — product analytics. Anonymous event data, used internally for funnel and retention analysis. See posthog.com/privacy.
- Sentry — error tracking. Captures stack traces and minimal request metadata when errors occur. See sentry.io/privacy.
- Firecrawl — when you use the AI autofill feature, the URL you submit is sent to Firecrawl, which fetches and converts the page to markdown. See firecrawl.dev/privacy.
- Anthropic — the AI autofill markdown is sent to Anthropic's Claude API to extract a draft listing. Anthropic does not train on API inputs. See anthropic.com/legal/privacy.
We may also share information with legal authorities when required by law (subpoena, court order, valid law-enforcement request) or to investigate fraud, security incidents, or violations of our Terms.
4. How long we keep it
- Account info: for as long as your account is active, plus up to 90 days after deletion for backup-retention rollover.
- Listings: indefinitely while approved. Deleted listings are removed from the database within 7 days and from cached search indexes within 30 days; archived digests sent before deletion cannot be unsent.
- Payment records: 7 years from the transaction date, in line with US tax-record requirements.
- Usage events (votes, clicks, dwell, comments): retained while the related listing is active; deleted alongside the listing.
- Audit events (admin actions): retained indefinitely for security and accountability.
5. Your rights
Depending on where you live, you may have rights under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA / CPRA), and similar laws. These rights typically include:
- Access — a copy of the personal data we hold about you.
- Correction — fixes to inaccurate or incomplete data.
- Deletion — removal of your personal data, subject to limited exceptions (e.g., we must retain certain financial records for tax purposes).
- Portability — export of your data in a machine-readable format.
- Objection / restriction — limiting how we process your data.
- Withdrawal of consent — for processing based on consent (e.g., newsletter subscription).
- Non-discrimination — exercising these rights will not affect your access to the Service or your pricing.
To exercise any of these rights, email privacy@firelaunch.dev. We respond within 30 days. You may also lodge a complaint with your local data-protection authority.
California residents: we do not sell personal information as defined by the CCPA, and we do not share personal information for cross-context behavioral advertising. You have the right to opt out of any sale or share if we ever change this practice; we will provide a clear opt-out mechanism if we do.
6. International transfers
FireLaunch is operated from the United States. By using the Service from outside the US, you understand that your data may be transferred to and processed in the US and other countries where our service providers operate. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.
7. Security
We use industry-standard security practices, including TLS for all data in transit, encrypted at-rest storage at our hosts, webhook signature verification for inbound integrations, scoped API tokens, and a least-privilege access model. No system is perfectly secure, and we cannot guarantee absolute security; if we become aware of a breach affecting your data we will notify you in accordance with applicable law.
8. Children
The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to us, please contact us and we will delete it.
9. Cookies
We use a small number of cookies and local-storage items necessary to run the Service. We do not use third-party advertising cookies. Specifically:
- Clerk session cookie (required) — keeps you signed in. Without this, you cannot authenticate.
- Affiliate attribution cookie (optional, 60-day lifetime) — recorded when you arrive via a referral link, used to credit the referrer if you purchase.
- PostHog analytics cookie — anonymous, aggregated. Used for funnel + retention analysis. Block via your browser's privacy settings or any standard analytics blocker; the Service still works.
10. Do Not Track
Our Service does not respond to Do Not Track browser signals because there is no industry consensus on how to interpret them. We treat all users the same with regard to analytics collection and respect explicit opt-out preferences expressed through our unsubscribe and account-deletion flows.
11. Changes to this Policy
We may update this Privacy Policy from time to time. When we do, we'll update the “Effective” date above and, for material changes, notify you by email or with a prominent notice on the Service. Continued use after a change constitutes acceptance of the updated Policy.
12. Contact
Privacy questions, data requests, or anything else go to privacy@firelaunch.dev. For general support, write hello@firelaunch.dev.